Bug 30269

Summary: PAM unable to dlopen(/usr/lib64/security/pam_cracklib.so)
Product: Mageia Reporter: papoteur <yvesbrungard>
Component: RPM PackagesAssignee: Base system maintainers <basesystem>
Status: NEW --- QA Contact:
Severity: normal    
Priority: Normal CC: bequimao.de, davidwhodgins, marja11, neoser10, zen25000
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: pam-1.5.2-2.mga9 CVE:
Status comment:

Description papoteur 2022-04-10 18:43:31 CEST 
Description of problem:
I found in the journal of cauldron VM:
su[3457]: PAM unable to dlopen(/usr/lib64/security/pam_cracklib.so): /usr/lib64/security/pam_cracklib.so: Ne peut ouvrir le fichier d'objet partagé: Aucun fichi>
su[3457]: PAM adding faulty module: /usr/lib64/security/pam_cracklib.so

in /etc
grep -R pam_cracklib.so
pam.d/system-auth:password    required      pam_cracklib.so try_first_pass retry=3 minlen=4  dcredit=0  ucredit=0

But nothing provides  pam_cracklib.so
https://github.com/linux-pam/linux-pam/blob/master/NEWS : Removed deprecated pam_cracklib module, use pam_passwdqc (from passwdqc project) or pam_pwquality (from libpwquality project) instead.

Cauldron provides only pam_pwquality, thus the update should modify /etc/pam.d/system-auth to substitute pam_pwquality to pam_cracklib
papoteur 2022-04-10 18:43:48 CEST

Version: 8 => Cauldron

Comment 1 Jani Välimaa 2022-04-10 20:07:21 CEST 
It's fixed since pam-1.5.1-2.mga9.
Comment 2 Lewis Smith 2022-04-11 20:25:44 CEST 
Papoteur's report is for the most recent version in Cauldron, 1.5.2. If what you say is correct, has there been a reversion?

CC: (none) => lewyssmith

Comment 3 Thomas Backlund 2022-04-11 20:34:02 CEST 
nope,

but we dont modify config files in /etc on update, so if the system was installed before the fix, it will still be there...
Comment 4 Dave Hodgins 2022-04-11 20:48:44 CEST 
How will this be handled on upgrades from Mageia 8?

CC: (none) => davidwhodgins

Comment 5 Lewis Smith 2022-04-11 21:43:56 CEST 
(In reply to Thomas Backlund from comment #3)
> nope,
> but we dont modify config files in /etc on update, so if the system was
> installed before the fix, it will still be there...
Noted.
And you cannot uninstall (to re-install) PAM... It breaks the system.
Is there anything Papoteur can do to stop the reported error?
Will it not affect anyone with a Cauldron system installed before v1.5.1 (Aug 2021)?
Barry Jackson 2022-04-12 13:50:12 CEST

CC: (none) => zen25000

Comment 6 Mauricio Andrés Bustamante Viveros 2022-09-27 04:49:33 CEST 
I installed Cauldron using the urpmi method from a MGA8x86 VM (Fully updated sept 21), Installed MGA8 from scratch jul 18 2022
The install date for the Cauldron is sep 22 2022

I hit that issue and Dave Hodgins asked to search an opened bug or remember

"Regarding the messages about pam_cracklib.so, the module has been deprecated.
While the messages don't appear to cause any problem, the various rules in
/etc/pam.d/ will need to be fixed to no longer require it. Please open a bug
report if there isn't one already.

Regards, Dave Hodgins"

If is required further testing, I can export my MGA8x86 That is fully updated and redo the migration in other VM to avoid service disruption

CC: (none) => neoser10

Comment 7 Dave Hodgins 2022-10-09 16:41:35 CEST 
*** Bug 30949 has been marked as a duplicate of this bug. ***

CC: (none) => bequimao.de

Comment 8 Dave Hodgins 2022-10-09 16:42:56 CEST 
Shouldn't the config file(s) requiring pam_cracklib.so be renamed to *.rpmsave
and a new one created?
Comment 9 Thomas Backlund 2022-10-09 17:04:27 CEST 
nope.

.rpmsave is only created  if one removes a package that contains a %config file that has been modified.


I guess to cope with upgrades we might need to do some specific sed surgery on upgrade
Comment 10 Marja Van Waes 2022-10-20 15:45:58 CEST 
(In reply to Thomas Backlund from comment #9)
> nope.
> 
> .rpmsave is only created  if one removes a package that contains a %config
> file that has been modified.
> 
> 
> I guess to cope with upgrades we might need to do some specific sed surgery
> on upgrade

Would be nice if that could be done, too, for users already running cauldron since before pam-1.5.1-2.mga9

Assignning to the base system maintainers

CC: (none) => marja11
Assignee: bugsquad => basesystem

Comment 11 Lewis Smith 2022-10-21 10:11:25 CEST 
Thanks Marja.

CC: lewyssmith => (none)

Comment 12 katnatek 2024-02-07 23:40:28 CET 
Is this still valid in current pam-1.5.2-5 or pam-1.5.2-5.1 from https://bugs.mageia.org/show_bug.cgi?id=32746#c2 ?